Posted by samzenpus on Monday September 01, 2014 @11:55AM from the gates-are-open dept.

swinferno writes with news about the leak of hundreds of private celebrity photos over the weekend. Hundreds of revealing pictures of female celebrities were leaked overnight after being stolen from their private collections. Hunger Games actress Jennifer Lawrence, Kirsten Dunst, and pop star Ariana Grande were among the celebrities apparently shown in the pictures, which were posted on infamous web forum 4chan. It's unclear how the images were obtained, but anonymous 4chan users said that they were taken from celebrities' iCloud accounts. The accounts are designed to allow iPhone, iPad, and Mac users to synchronize images, settings, calendar information, and other data between devices, but the service has been criticized for being unreliable and confusing. Earlier this year, Jennifer Lawrence herself complained about the service in an interview with MTV.

You don't need to take photos using an iDevice to have them end up in iCloud. All you need to do is use a Mac.

If you use a Mac to download pictures off your camera - including cell phones that aren't iPhones and therefore behave like standard cameras and don't require Apple-specific software - by default, your pictures will end up in iCloud. It's part of the "Photo Stream" thing to allow users to stream pictures to the Apple TV that clearly every Mac owner has.

Not strictly true, this only happens if a) you sign in to iCloud through System Preferences or during the Mac setup assistant and b) use iPhoto (and possibly iTunes) for your photo management. Apple haven't quite, yet, made it compulsory to use all their crapware if you want to use a Mac.

A brute-force program to hack AppleID passwords was recently uploaded to the software-hosting GitHub. The program, appropriately called iBrute, is designed to flood AppleID logons with possible password combinations. The assumption is that the hacker would know the username, often derived from an email address.

Shortly before the stolen images were announced, the owner of iBrute announced the vulnerability — Find My iPhone did not deny access to brute force methods of figuring out a password. Early this morning, the same iBrute owner announced that the vulnerability has been closed, although there has not yet been confirmation from Apple.

iBrute is now reportedly locked out. But there is also speculation that the Find My iPhone hack was not solely to blame for all the apparently stolen files. For instance, someone could trick a celebrity user — or the celebrity’s assistant — into revealing enough information to gain access to iCloud backups. Additionally, it’s possible other online services were involved, since some of the images reportedly show celebrities using Android mobile devices.
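
The gap described above, a login path that did not apply the lockout, is avoided by counting failed attempts per account in one place that every endpoint consults. This is an added example, not code from the original post or from Apple; the endpoint labels, thresholds and sample events are constructed assumptions.

```python
from collections import defaultdict, deque

MAX_FAILURES = 5        # assumed policy: failures tolerated per account
WINDOW_SECONDS = 300    # assumed policy: sliding window for counting failures
LOCKOUT_SECONDS = 900   # assumed policy: how long the account stays locked


class AccountThrottle:
    """Failed-login counter keyed by account only, shared by every endpoint."""

    def __init__(self):
        self._failures = defaultdict(deque)   # account -> recent failure times
        self._locked_until = {}               # account -> unlock time

    def is_locked(self, account, now):
        return self._locked_until.get(account, 0) > now

    def record(self, account, success, now):
        """Record one attempt and return 'locked', 'ok' or 'failed'."""
        if self.is_locked(account, now):
            return "locked"   # refused before the password result is used
        if success:
            self._failures.pop(account, None)
            return "ok"
        recent = self._failures[account]
        recent.append(now)
        while recent and recent[0] <= now - WINDOW_SECONDS:
            recent.popleft()  # forget failures older than the window
        if len(recent) >= MAX_FAILURES:
            self._locked_until[account] = now + LOCKOUT_SECONDS
            recent.clear()
        return "failed"


def replay(events):
    """Feed (time, endpoint, account, success) events through ONE throttle."""
    throttle = AccountThrottle()
    return [(endpoint, throttle.record(account, success, t))
            for t, endpoint, account, success in events]


# Constructed sample: wrong guesses alternating between two hypothetical
# endpoint labels, then a correct password during and after the lockout.
ACCOUNT = "user@example.com"
SAMPLE = [(i * 2, "web_login" if i % 2 else "device_locator", ACCOUNT, False)
          for i in range(8)]
SAMPLE += [(20, "web_login", ACCOUNT, True), (2000, "web_login", ACCOUNT, True)]
```

Because the counter ignores which endpoint was used, spreading guesses across login paths does not reset it, and a correct password submitted during the lockout is still refused. Lockout on failures lets a third party lock a victim out on purpose, so production systems usually pair it with per-source throttling and user notification.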

Slashdot: Where we care about privacy, unless there's a chance to see a naked girl
Pro-tip: There are millions of photos of naked women out there that can be viewed without violating anyone's privacy. Go make use of those if you're in such desperate need.

You don't need to take photos using an iDevice to have them end up in iCloud. All you need to do is use a Mac.

If you use a Mac to download pictures off your camera - including cell phones that aren't iPhones and therefore behave like standard cameras and don't require Apple-specific software - by default, your pictures will end up in iCloud. It's part of the "Photo Stream" thing to allow users to stream pictures to the Apple TV that clearly every Mac owner has.

Not only that... but anyone you share the photos with could have had an iPhone as well. By default smartphones back up your photos both with Google and Apple, so if anyone you shared the pics with gets hacked, you, by default, are hacked as well.

What a bunch of nonsense. How do they "really really really" push iPhoto on Macs? It's there and it launches if you don't have photo imports associated with another app instead. I guess you would prefer that Macs come unable to handle photos out of the box?

I'm not sure what agenda you are talking about. Is that some kind of lame accusation of being involved in PR for one of the companies I mentioned? Because that's the typical response from fanbois and other zealots whenever someone is not bending over and praising their false idols.

Your emperor has no clothes, it's a greedy corporation with a lousy track record for security and no concern for their customers. Saying that is not a blasphemy or a PR operation, it's just the naked truth.